Spreadsheets Cog
Security checks across malware telemetry and agentic risk
Overview
This skill is coherent for generating spreadsheets through CellCog, but users should notice that it requires a CellCog API key and delegates work to an external agent service.
Before installing, make sure you trust CellCog, use a protected API key, and avoid sending confidential financial or personal spreadsheet data unless you are comfortable with CellCog and any configured provider processing it. Review generated spreadsheets, especially formulas and financial assumptions, before relying on them.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill must provide a CellCog API key, which could authorize actions or usage against their CellCog account.
The skill requires a CellCog API key even though the registry does not label a primary credential, so users should recognize that use of the skill depends on delegated CellCog account access.
Required env vars: CELLCOG_API_KEY ... Primary credential: none
Use a dedicated, least-privileged CellCog API key if available, keep it out of prompts and shared files, and rotate it if exposed.
Financial models, budgets, sales trackers, or other spreadsheet inputs may include sensitive personal or business data that is sent to CellCog or a configured provider.
The skill delegates spreadsheet creation through CellCog and potentially other named agent providers, so user prompts and spreadsheet data may be processed outside the local OpenClaw context.
client = CellCogClient(agent_provider="openclaw|cursor|claude-code|codex|...")
Review CellCog’s data handling terms and avoid sending confidential spreadsheet data unless you are comfortable with the configured provider processing it.
The reviewed artifact does not itself contain the CellCog package or referenced SDK behavior, so trust also depends on the external CellCog dependency a user installs or has available.
The skill depends on an external CellCog component that is not included in the single-file artifact, making the external SDK/skill provenance relevant for safe use.
dependencies: [cellcog]
Install CellCog only from the official source, check package names carefully, and review the referenced CellCog skill or SDK documentation before using sensitive data.
CellCog may use programmatic spreadsheet generation rather than only filling templates, which can be powerful but should be guided with clear user prompts and reviewed outputs.
The skill advertises broad Python-powered spreadsheet generation. This is aligned with creating complex workbooks, but it is still broader than a static template generator.
Full Python access, complex data manipulation, formulas, pivot tables, and financial models
Use specific task prompts, review generated formulas and financial assumptions, and avoid treating generated financial models as automatically verified advice.